CentOS7 NAT server

# echo “net.ipv4.ip_forward = 1” >> /etc/sysctl.d/ip_forward.conf
# sysctl -w net.ipv4.ip_forward=1
#### em1 is internal. em2 is public.
# firewall-cmd –permanent –add-rule ipv4 nat POSTROUTING 0 -o em2 -j MASQUERADE
# firewall-cmd –permanent –direct –add-rule ipv4 nat POSTROUTING 0 -o em2 -j MASQUERADE
# firewall-cmd –permanent –direct –add-rule ipv4 filter FORWARD 0 -i em1 -o em2 -j ACCEPT
# firewall-cmd –permanent –direct –add-rule ipv4 filter FORWARD 0 -i em1 -o em2 -m state –state RELATED,ESTABLISHED -j ACCEPT
# firewall-cmd –reload